Major security flaw exposed in Windows 10

Written by Kamil Arli

Express.co reported that Google has published details about a new security vulnerability that affects both Windows 10 Edge and Internet Explorer 11.

Google has published details about a new security vulnerability within Windows 10 Edge and Internet Explorer 11 that would allow hackers to crash both browsers and remotely execute malicious code.

Google’s Project Zero security division privately reported the flaw to Microsoft back on 25th November.

In line with its policies, Google then publicly disclosed the latest bug this week – after Microsoft failed to patch the bug within 90 days of being notified.

Google researcher Ivan Fratric said he was reluctant to publish more details about the bug until it had been successfully patched by Microsoft.

The Project Zero team uses its 90-day window as a form of responsible disclosure, allowing technology companies enough time to patch the problems before the flaw is made public.

Mr Fratric added in the comments section of his disclosure, “I will not make any further comments on exploitability, at least not until the bug is fixed.

“The report has too much info on that as it is (I really didn’t expect this one to miss the deadline).”

The bug was indexed by the National Vulnerability Database as CVE-2017-0037.

The organisation has warned that the vulnerability “allows remote attackers to execute arbitrary code”. It has categorised the exploit as “high-severity”.

The latest flaw disclosed by Google is believed to be centred around the way that Internet Explorer 11 and Microsoft Edge format parts of web pages.

Thankfully, there is currently no evidence of the vulnerability being used in any large-scale real-world attacks.

This is not the first time that Google has had to name and shame Microsoft about an unpatched bug in its software.

Last year, Google published details about a critical vulnerability in Windows – something Microsoft was not overly happy about.

The US search firm’s Threat Analysis group disclosed the details of the critical vulnerability in a post on its security blog.

The glitch was being used to bypass the security sandboxing used in the Windows win32k system, Google has claimed.

Google said it reported the bug to Microsoft 10 days ago, but the Redmond firm has done nothing to address the issue.

In its official blog, Google wrote: “After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released.

“This vulnerability is particularly serious because we know it is being actively exploited.”

Source: Express.co
